Back to skill

Security audit

Media Processor

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate media-processing skill, but it needs review because its file-writing behavior can overwrite local files without clear safeguards.

Review this before installing if you may run it on valuable media directories or shared workspaces. Use explicit output folders, avoid pointing outputs at existing files, and prefer a version that refuses to overwrite unless requested, uses secure temporary files, and pins reviewed dependency versions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (16)

Lp3

Medium
Category
MCP Least Privilege
Confidence
85% confidence
Finding
The skill advertises and demonstrates capabilities that imply shell execution and file writing (for example invoking ffmpeg and producing output files), but it does not declare any permissions. Undeclared powerful capabilities reduce transparency and can lead to unsafe execution assumptions by users or platforms, especially in a media-processing skill that handles arbitrary file paths and external tools.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The conversion routine always supplies -y, causing FFmpeg to overwrite the destination file without confirmation. If output_path is influenced by user input or automation mistakes, existing files can be silently destroyed or replaced, which is especially risky in enterprise media workflows handling valuable assets.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
Audio extraction also forces overwrite of the target file via -y, enabling silent destruction of preexisting content. In a batch-processing or agent-driven context, a mistaken or attacker-controlled output path could replace important files without any warning.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The compression function overwrites destination files unconditionally, creating a clear integrity risk. Because this skill is designed for automated multimedia processing, unattended execution makes accidental or malicious file replacement more dangerous than in an interactive CLI tool.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
This merge operation has two real issues: it forces overwrite of output_path and it uses a fixed temporary filename temp_video_list.txt in the current working directory. The predictable temp file can be clobbered, raced, or redirected via symlink in shared environments, potentially causing unintended file modification or misuse of concatenation input.

Unpinned Dependencies

Low
Category
Supply Chain
Content
moviepy>=1.0.3
pydub>=0.25.1
librosa>=0.10.0
openai-whisper>=20231117
Confidence
93% confidence
Finding
moviepy>=1.0.3

Unpinned Dependencies

Low
Category
Supply Chain
Content
moviepy>=1.0.3
pydub>=0.25.1
librosa>=0.10.0
openai-whisper>=20231117
numpy>=1.24.0
Confidence
93% confidence
Finding
pydub>=0.25.1

Unpinned Dependencies

Low
Category
Supply Chain
Content
moviepy>=1.0.3
pydub>=0.25.1
librosa>=0.10.0
openai-whisper>=20231117
numpy>=1.24.0
Pillow>=10.0.0
Confidence
93% confidence
Finding
librosa>=0.10.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
moviepy>=1.0.3
pydub>=0.25.1
librosa>=0.10.0
openai-whisper>=20231117
numpy>=1.24.0
Pillow>=10.0.0
ffmpeg-python>=0.2.0
Confidence
92% confidence
Finding
openai-whisper>=20231117

Unpinned Dependencies

Low
Category
Supply Chain
Content
pydub>=0.25.1
librosa>=0.10.0
openai-whisper>=20231117
numpy>=1.24.0
Pillow>=10.0.0
ffmpeg-python>=0.2.0
srt>=3.5.0
Confidence
94% confidence
Finding
numpy>=1.24.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
librosa>=0.10.0
openai-whisper>=20231117
numpy>=1.24.0
Pillow>=10.0.0
ffmpeg-python>=0.2.0
srt>=3.5.0
tqdm>=4.66.0
Confidence
94% confidence
Finding
Pillow>=10.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
openai-whisper>=20231117
numpy>=1.24.0
Pillow>=10.0.0
ffmpeg-python>=0.2.0
srt>=3.5.0
tqdm>=4.66.0
Confidence
92% confidence
Finding
ffmpeg-python>=0.2.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
numpy>=1.24.0
Pillow>=10.0.0
ffmpeg-python>=0.2.0
srt>=3.5.0
tqdm>=4.66.0
Confidence
90% confidence
Finding
srt>=3.5.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
Pillow>=10.0.0
ffmpeg-python>=0.2.0
srt>=3.5.0
tqdm>=4.66.0
Confidence
93% confidence
Finding
tqdm>=4.66.0

Known Vulnerable Dependency: Pillow — 10 advisory(ies): CVE-2016-2533 (Pillow buffer overflow in ImagingPcdDecode); CVE-2023-50447 (Arbitrary Code Execution in Pillow); CVE-2021-27922 (Pillow Uncontrolled Resource Consumption) +7 more

Critical
Category
Supply Chain
Confidence
88% confidence
Finding
Pillow

Known Vulnerable Dependency: tqdm — 3 advisory(ies): CVE-2024-34062 (tqdm CLI arguments injection attack); CVE-2016-10075 (TDQM Arbitrary Code Execution); CVE-2016-10075 (The tqdm._version module in tqdm versions 4.4.1 and 4.10 allows local users to e)

High
Category
Supply Chain
Confidence
81% confidence
Finding
tqdm

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.